Author Archives: HatsOffSecurity

Registry Key Last Write Time

Windows Registry keys keep a time stamp embedded within them. This cannot easily be seen using regedit.exe, so instead we turn to our trusty Forensic tool kit. First off I used FTK Imager to capture locked files. This allowed the … Continue reading

Posted in Windows Forensics, Windows Registry Forensics

Security Wizardry

Security Wizardry: an excellent Cyber Information Portal. The Radar page is used by the NSA, as seen in the photos on the site.

Posted in Cyber

Windows Registry – The basics

The Windows registry is made up of individual files, known as ‘hives’. These hives contain ‘keys’ (folders) and ‘values’ (data). There are four root keys: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS. It is possible to access the registry while Windows is … Continue reading

Posted in Windows Forensics

Hats Off Security Blog

Welcome to what I hope to be a technical and useful blog, I do tend to go off on tangents quite often, for example my spell checker doesn’t recognise ‘blog’ as a word….. ah well. This blog will be more … Continue reading

Posted in Introduction